CWE-350
17 CVEs classified under CWE-350. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-1490 | Critical | 9.8 | 2026-02-15 | The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization… |
| CVE-2026-42559 | High | 8.8 | 2026-05-14 | RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transpo… |
| CVE-2017-0902 | High | 8.1 | 2017-08-31 | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and ins… |
| CVE-2021-34561 | High | 7.5 | 2021-08-31 | In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Atta… |
| CVE-2026-36604 | Medium | 6.5 | 2026-06-03 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker ca… |
| CVE-2026-28271 | Medium | 6.5 | 2026-02-27 | Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protection… |
| CVE-2025-59956 | Medium | 6.5 | 2025-09-29 | AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack w… |
| CVE-2025-24010 | Medium | 6.5 | 2025-01-20 | Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to defa… |
| CVE-2024-42364 | Medium | 6.5 | 2024-08-23 | Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepa… |
| CVE-2020-11091 | Medium | 5.8 | 2020-06-03 | In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert… |
| CVE-2022-22364 | Medium | 5.3 | 2024-05-03 | IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A… |
| CVE-2026-6874 | Medium | 4.3 | 2026-04-23 | A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Execut… |
| CVE-2026-24281 | | | 2026-03-07 | Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof… |
| CVE-2025-59163 | | | 2025-09-29 | vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Orig… |
| CVE-2024-53275 | | | 2024-12-23 | Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vul… |
| CVE-2021-22884 | | | 2021-03-03 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not p… |
| CVE-2018-7160 | | | 2018-05-17 | The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possibl… |